The present disclosure relates to managing access to resources within a computing environment and to detecting anomalies related to access control events.
A computing environment may provide access to protected resources (e.g., networks, servers, storage devices, files, and computing applications) based on access rights (e.g., read, write, create, delete, or execute rights) that are tailored to particular users of the computing environment (e.g., a particular employee or a group of users that are identified as belonging to a particular group or classification). An access control system may perform various functions for managing access to resources including authentication, authorization, and auditing. Authentication may refer to the process of verifying that credentials provided by a user or entity are valid or to the process of confirming the identity associated with a user or entity (e.g., confirming that a correct password has been entered for a given username). Authorization may refer to the granting of a right or permission to access a protected resource or to the process of determining whether an authenticated user is authorized to access a protected resource. Auditing may refer to the process of storing records (e.g., log files) for preserving evidence related to access control events. In some cases, an access control system may manage access to a protected resource by requiring authentication information or authenticated credentials (e.g., a valid username and password) before granting access to the protected resource. For example, an access control system may allow a remote computing device (e.g., a mobile phone) to access a protected resource, such as a file, webpage, application, or cloud-based application, via a web browser if valid credentials are provided to the access control system.